[sendob]

Awesome, thanks for the reply.

It may not have been something which you wanted to do, but I think it is a really interesting problem, and I bet it has been rewarding for both business, and in a pure engineering sense.

In some ways, I think about what it must have been like to create a fake identity in a less connected age, and I wonder at how it will continue to evolve.

I recall some Doctorow novel in which spam and its increasing sophistication was almost an escalating arms race between our ability to distinguish authentic interactions versus those that were staged or generated / general sock puppetry.

I am curious about additional signals and information, I would presume in addition to fingerprinting and collecting as much information about each of their implicit touch points, did you find yourselves increasingly relying on more traditional manifestations of identity/reputation, etc.

edit: Or I wonder about a discount for new sign ups with a one time facebook scan & score type mechanism :D

Thanks again for sharing more information, good food for thought!

[alexk]

Agreed, I'd rather spend time building some cool features for developers everyone can use instead of confronting scammers trying to steal someone's else credit cards, so it's definitely the fight we chose.

Talking about traditional ip, domain and complaints reputation - it helps a lot to identify and block ignorant senders using some questionable techniques for getting their recipient lists, but it's pretty useless for fighting phishers - you need to act immediately and automatically, and reputation takes time to aggregate.